DETAILED ACTION

1. In view of the Appeal Brief filed on 05/13/08, PROSECUTION IS HEREBY
REOPENED. A new ground of rejection is set forth below.

To avoid abandonment of the application, appellant must exercise one of the 
following two options: 

(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply
under 37 CFR 1.113 (if this Office action is final); or,

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41.31 followed
by an appeal brief under 37 CFR 41.37. The previously paid notice of appeal fee and
appeal brief fee can be applied to the new appeal. If, however, the appeal fees set forth
in 37 CFR 41.20 have been increased since they were previously paid, then appellant
must pay the difference between the increased fees and the amount previously paid.

A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by 
signing below: 

/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2137 

2. Claims 1-70 are pending. 

Response to Arguments 

3. Applicant's arguments filed March 13, 2008 have been considered but are moot 
in view of the new ground(s) of rejection.

Claim Rejections - 35 USC § 101

4. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

5. Claim 25 is rejected under 35 U.S.C. 101 because the claimed invention is
directed to non-statutory subject matter. Claim 25 recites "a downloadable set of
processor-executable instructions for performing the method of claim 1." A
downloadable set of instructions is a form of signal, which does not fall in one of the four
statutory categories. Therefore, the claim is non-statutory.

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 1-4, 8-19, 22-29, 33-44, 47-52, 56-67 and 70 are rejected under 35
U.S.C. 103(a) as being unpatentable over Freund (US 5,987,611) in view
of Fazal et al. (hereinafter Fazal) US 2005/0246767.

Regarding claims 1, 26 and 49, 

Freund discloses a method for controlling connections to a computer, the method 
comprising:

applying a pre-configured security policy that establishes a restricted zone of at
least one pre-approved host that the computer may connect to, so that the computer is
not allowed to participate with general connectivity to the internet until security-relevant
updates have been completed; (col. 3, line 5-67; col. 14, lines 14-23; col. 15, lines 26-33;
col. 16, lines 1-3; a client-side filter that is controlled by the centralized authority
... the centralized authority has a way of enforcing non-compliance)

receiving a request for a connection from the computer to a particular host; (col.
4, lines 51-55; col. 5, lines 44-45; the system can monitor TCP/IP activities ... if a
particular client has access rights to the Internet ... trapping a request for Internet
access from a client computer)

based on said pre-configured security policy, determining whether the particular
host is within the restricted zone of at least one pre-approved host; (col. 4, lines 3-4; col.
5, lines 6-8; the centralized supervisor application is installed on a computer on the LAN
that can be reached from all workstations that need access to the Internet)

blocking all clients that have not been verified by the supervisor application; (col.
4, lines 51-55; col. 5, 10-15 and lines 46-47; col. 15, lines 26-col. 16, line 3; the system
can monitor TCP/IP activities ... if a particular client has access rights to the Internet
... determining whether the request for the Internet access would violate any of the rules
transmitted to the particular client; the supervisor monitors whether a client has the filter
application loaded and provides the filter application ... the supervisor application signals
the firewall which client applications have been certified so that the firewall only grants
Internet access to those clients)

blocking said connection if said particular host is not within the restricted zone of
at least one pre-approved host; (col. 4, line 3-4; col. 5, lines 49-51; col. 28, lines 30-31;
col. 19, lines 61-66; if the request for Internet access violates any of the rules ... denying
the request for Internet access ... if the supervisor detects any problem with the client, it
notifies the firewall to disable Internet access for the client) and

once the computer has complied with the security update policy, lifting the
restricted zone so that the computer is allowed to participate with general connectivity
to the internet (col. 3, line 64-col. 4, line 4; col. 14, lines 14-23; col. 15, lines 26-33; col.
16, lines 1-3; a supervisor application that maintains the access rules for the client
based filter and verifies the existence and proper operation of the client-based-filter
application (installed at each client) ... and provides filter application with the rules for the
specific user or workstation)

Freund does not explicitly disclose controlling connections to a computer upon its
initial deployment of the computer. Fazal in analogous art, however, discloses
controlling connections to a computer upon its initial deployment of the computer (page
1, pp. 8; page 3, pp. 34; page 4, pp. 43-52; 4, pp. 41; only devices that are found to be
compliant with a predefined corporate security policy may be allowed to access the
network or network services; page 6, pp. 69-71; when a new device attempts to connect
to the network the server determines whether the new device fulfills corporate
standards, if so the server enables access and if the new device is not up-to-date, the
device is instructed to contact the update server). Therefore it would have been obvious
to one of ordinary skill in the art at the time the invention was made to modify the method
disclosed by Freund with Fazal in order to ensure the security features of connected
devices are up-to-date and non-compliant devices have limited access, if any, thereby
discovering the current state of connected devices and update device as early as
possible in the timeline (page 1, pp. 6; Fazal).

Regarding claims 2, 17, 27, 42, and 65: 

The combination of Freund and Fazal discloses all the subject matter discussed 
above. In addition, Freund further teaches comprising: prior to the initial deployment of 
the computer includes a hard disk having a manufacturer-provided disk image, and 
wherein the manufacturer-provided disk image include preconfigured security policy (the 
prior art disclosed a pre-package security rules in the system and hard disk for storage, 
therefore it is a fact that the preconfigured image is stored in the hard disk, further 
applicant discloses in the background of the specification that pre-installing imaging in
hard disk is well known in the art see paragraph 11 and 13 (col. 25, lines 3-10; col. 7,
line 40)).

Regarding claims 3 and 28: 

The combination of Freund and Fazal discloses all the subject matter discussed 
above. In addition, Freund further teaches wherein the computer comprises the portable 
computer and initial deployment includes establishing Internet connectivity (col. 15, lines
14-16). 

Regarding claims 4 and 29: 

The combination of Freund and Fazal discloses all the subject matter discussed 
above. In addition, Freund further teaches wherein the restricted zone comprises a
pre-access restricted zone specifically for a new machine (col. 26, lines 60-64; col. 23, line
2-3).

Regarding claims 8, 33 and 56: 

The combination of Freund and Fazal discloses all the subject matter discussed 
above. In addition, Freund further teaches wherein said blocking step includes, 
instructing a firewall, which is responsive to said preconfigured security policy, to block 
connections to any host that is not within the restricted zone of at least one
pre-approved hosts (col. 12, lines 61-64).

Regarding claims 9-12, 22, 34-37, 47, 57-60 and 70, 

The combination of Freund and Fazal discloses all the subject matter discussed 
above. In addition, Freund further teaches wherein the pre-approved host comprises 
specific security-relevant sites; (the limitation of the specific sites include antivirus, 
firewall and end point security websites is implicitly disclosed within the prior art, as the 
rules can be set to block or allow whatever site the administrator or user need to block 
or allow (col. 23, lines 66-67; col. 24, lines 1-5)).

Regarding claims 13, 38 and 61:

The combination of Freund and Fazal discloses all the subject matter discussed 
above. In addition, Freund further teaches wherein other attempted connections to the 
computer are refused (col. 25, lines 1-13; col. 14, lines 13-22; col. 19, lines 57-60). 

Regarding claims 14-15, 39-40 and 62-63: 

The combination of Freund and Fazal discloses all the subject matter discussed 
above. In addition, Freund further teaches upon the computer completing updating of 
security sub-systems, removing the restricted zone so that the computer may connect to 
other machines (the prior art discloses a system with pre-existing rules that can be 
updated to include as well as exclude host that the system may connect to (col. 24, 
lines 40-44; col. 26, lines 18-42; col. 27, lines 25-32; col. 25, lines 22-30)). 

Regarding claims 16, 41 and 64:

The combination of Freund and Fazal discloses all the subject matter discussed 
above. In addition, Freund further teaches wherein the preconfigured security policy is 
preinstalled on the computer prior to user purchase (the prior art discloses a system 
with a pre-defined or pre-package access right which meets the limitation of preinstalled 
prior to purchase (col. 25, lines 3-10)).

Regarding claims 18, 43 and 66: 

The combination of Freund and Fazal discloses all the subject matter discussed 
above. In addition, Freund further teaches wherein the computer is not allowed to 
participate with general connectivity to the Internet until security-relevant updates have
been performed (col. 22, lines 38-41). 

Regarding claims 19, 44 and 67: 

The combination of Freund and Fazal discloses all the subject matter discussed 
above. In addition, Freund further teaches comprising providing an option that allows a 
user to override the preconfigured security update policy (col. 27, lines 18-19). 

Regarding claims 23 and 48: 

The combination of Freund and Fazal discloses all the subject matter discussed 
above. In addition, Freund further teaches comprising upon first attempted connection 
of the computer downloading an updated list of hosts that the computer may initially 
connect to (col. 22, lines 20-31). 

Regarding claim 24: 

The combination of Freund and Fazal discloses all the subject matter discussed 
above. In addition, Freund further teaches a computer-readable medium having 
processor-executable instructions for performing the method of claim 1 (col. 7, lines
39-41).

Regarding claim 25: 

The combination of Freund and Fazal discloses all the subject matter discussed 
above. In addition, Freund further teaches a downloadable set of
processor-executable instructions for performing the method of claim 1 (col. 7, lines 39-41; col. 5,
lines 25-26; col. 21, lines 29-37).

8. Claims 5-6, 30-31 and 53-54 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Freund (US 5,987,611) in view of Fazal et al. (hereinafter Fazal) US
2005/0246767 and in view of Perkins et al. (US 2004/0187028 A1).

Regarding claims 5, 30 and 53:

The combination of Freund and Fazal discloses all the subject matter discussed 
above, except the method wherein said preconfigured security update policy operates 
to prevent the computer from being remotely accessed by another computer upon initial 
deployment. The general concept of applying a policy rule to prevent remote access to 
a computer system is well known in the art as illustrated by Perkins, which discloses a 
firewall blocking remote access to a computer system (para. 0017, lines 7-9), therefore 
it would have been obvious for one of ordinary skill in the art at the time of the invention 
to modify Freund and Fazal to include the use of Perkins in order to protect the computer
system from possible external threats. 

Regarding claims 6, 31 and 54 

The combination of Freund and Fazal discloses all the subject matter discussed 
above except the method wherein said preconfigured security update policy operates to 
prevent the computer from being remotely probed for vulnerabilities by other computers. 
The general concept of preventing a computer from being remotely probed for 
vulnerabilities is well known in the art as illustrated by Perkins, which discloses a firewall 
to block remote access from a computer system (para. 0017, lines 7-9). Therefore it
would have been obvious for one of ordinary skill in the art at the time of the invention to
modify Freund and Fazal to include the use of Perkins in order to protect a computer
system from being attacked by an external computer.

7. Claims 7, 32 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Freund (US 5,987,611) in view of Fazal et al. (hereinafter Fazal) US 2005/0246767 and
in view of Aroya (US 2004/0177274 A1) 

Regarding claims 7, 32 and 55:

The combination of Freund and Fazal discloses all the subject matter discussed 
above, except the method wherein said preconfigured security update policy operates to 
prevent the computer from being infected by a malicious program delivered through an 
open port. The general concept of preventing attacks from open port access is well 
known in the art as illustrated by Aroya, which discloses filtering and controlling port 
access as to reduce vulnerabilities to a computer system (para. 0006, lines 1-9). 
Therefore it would have been obvious for one of ordinary skill in the art at the time of the 
invention to modify Freund and Fazal to include the use of Aroya in order to protect a 
computer system from being attacked through open ports.

8. Claim 20 is rejected under 35 U.S.C. 103(a) as being unpatentable over Freund 
(US 5,987,611) in view of Fazal et al. (hereinafter Fazal) US 2005/0246767 in view of
Marchosky (US 2004/0117215 A1).

Regarding claims 20-21, 45-46 and 68-69:

The combination of Freund and Fazal discloses all the subject matter discussed
above, except providing a warning to user and displaying a disclaimer to user. The 
general concept of providing a warning and displaying a disclaimer to user is well known 
in the art as illustrated by Marchosky, which discloses a warning is provided to a user 
and a disclaimer (para. 0188, lines 7-9). Therefore it would have been obvious for one
of ordinary skill in the art at the time of the invention to modify Freund and Fazal to 
include the use of providing a warning and disclaimer to a user in order to let user know 
of their responsibilities upon overriding security policy. 

Claim Rejections - 35 USC § 102 

9. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent
granted on an application for patent by another filed in the United States before the invention by the
applicant for patent, except that an international application filed under the treaty defined in section
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

10. Claims 1, 26 and 49 are rejected under 35 U.S.C. 102(e) as being anticipated by
Albert et al. (hereinafter Albert) US 2003/0177389. 

Regarding claims 1, 26 and 49, 

Albert discloses a method for controlling connections to a computer upon its 
initial deployment, the method comprising:

Upon the initial deployment, applying a pre-configured security policy that
establishes a restricted zone of at least one pre-approved host that the computer may
connect to, so that the computer is not allowed to participate with general connectivity to
the internet until security-relevant updates have been completed; (figures 5A and 5B;
page 3, pp. 24-25; page 5, pp. 50-51; page 9, pp. 80-83)

receiving a request for a connection from the computer to a particular host;
(figures 5A and 5B; page 3, pp. 24-25; page 5, pp. 50-51; page 9, pp. 80-83)

based on said pre-configured security policy, determining whether the particular
host is within the restricted zone of at least one pre-approved host; (figures 5A and 5B;
page 3, pp. 24-25; page 5, pp. 50-51; page 9, pp. 80-83)

blocking all clients that have not been verified by the supervisor application;
(figures 5A and 5B; page 3, pp. 24-25; page 5, pp. 50-51; page 9, pp. 80-83)

blocking said connection if said particular host is not within the restricted zone of
at least one pre-approved host; (figures 5A and 5B; page 3, pp. 24-25; page 5, pp.
50-51; page 9, pp. 80-83) and

once the computer has complied with the security update policy, lifting the
restricted zone so that the computer is allowed to participate with general connectivity to
the internet (figures 5A and 5B; page 3, pp. 24-25; page 5, pp. 50-51; page 9, pp.
80-83)

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to SHEWAYE GELAGAY whose telephone number is 
(571)272-4219. The examiner can normally be reached on 8:00 am to 5:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 


Examiner, Art Unit 2137 



/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2137 



